lumma | f5913e753281dbdf88f36c73d13afbf4af62046e25f8e148e87a80e88818c4d7

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 20:55

Target

tmp.exe
Size

308KB
MD5

c60f5fa3a579bca2c8c377f7e15b2221
SHA1

d44b5c6dd64284f00d6f9d05cf5327a91cad9339
SHA256

f5913e753281dbdf88f36c73d13afbf4af62046e25f8e148e87a80e88818c4d7
SHA512

f419adf4bd07ce18d9b7de7445b2d0185653de27738fd4403f880ee11bf49ca8a1958c1b2c94f8f4c5da52ebc79462cfb6fe71849439f6af017a95b44af2f77b
SSDEEP

6144:DVa+NrJiVBc2wc6oKXwdUWFQg1SGWEWAMiY7ivtaqgntTZXHAYq7:J1NrJaBcOOiHWEWAMFKtdstTfq

Score

10^/10

lumma stealer

Family

lumma

https://bordersoarmanusjuw.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 2888 set thread context of 1716 2888 tmp.exe RegAsm.exe

description	pid	process	target process
PID 2888 set thread context of 1716	2888	tmp.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 2888 wrote to memory of 1428	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1428	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1428	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe
PID 2888 wrote to memory of 1716	2888	tmp.exe	RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:1428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:1716

memory/1716-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1716-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1716-11-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2888-0-0x0000000000ED0000-0x0000000000F24000-memory.dmp

Filesize
336KB

Download
memory/2888-1-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/2888-9-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/2888-10-0x0000000003370000-0x0000000005370000-memory.dmp

Filesize
32.0MB

Download
memory/2888-12-0x0000000003370000-0x0000000005370000-memory.dmp

Filesize
32.0MB

Download